From: Mark Wooding
Date: Sat, 8 Mar 2014 14:54:07 +0000 (+0000)
Subject: fender.m4: Reformat the ebtables hacking a bit.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/8f58d37f17f78a742bed334201edf5e96081715a

fender.m4: Reformat the ebtables hacking a bit.
---

diff --git a/fender.m4 b/fender.m4
index dda96f8..e8e766a 100644
--- a/fender.m4
+++ b/fender.m4
@@ -39,15 +39,18 @@ run ip6tables -I INPUT -d 2001:ba8:0:1d9::ffff -j DROP
 
 ## Ethernet bridge-level filtering for source addresses.
 run ebtables -F
+for i in log limit ip ip6; do run modprobe ebt-$i; done
+
 for c in bad-source-addr check-eth0; do
 run ebtables -X $c >/dev/null 2>&1 || :
 done
-for i in log limit ip ip6; do run modprobe ebt-$i; done
+
 run ebtables -N bad-source-addr
 run ebtables -A bad-source-addr \
 --limit 20/second --limit-burst 100 \
 --log-prefix "fw: bad-source-addr(br) " --log-ip --log-ip6
 run ebtables -A bad-source-addr -j DROP
+
 run ebtables -N check-eth0
 run ebtables -A check-eth0 -j RETURN -p ip --ip-source ! 212.13.198.64/28
 run ebtables -A check-eth0 -j RETURN -p ip6 --ip6-source 2001:ba8:0:1d9::1
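Review bot: The `modprobe` loop would be better placed above `run ebtables -F` than directly below it, i.e. `for i in log limit ip ip6; do run modprobe ebt-$i; done` first and the flush second. As ordered here, the filter table is already empty while the modules load, and if one is missing the `--limit`/`--log-prefix` rule in `bad-source-addr` cannot be added. Whether the script then stops with bridge-level source filtering gone depends on how `run` handles failure, which is defined outside this hunk. Loading first means any failure happens while the previous rules are still in force. The `check-eth0` chain setup appears to continue past the end of the hunk.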